Secure Shell

New protocol out SSH2 not quite ready for prime time
as important config parameters are not implemented yet and the default behaviour is not
explained in the man pages.

SSH package includes secure shell ssh and secure copy scp which
are versions of the familiar unix rsh, sh and rcp, cp commands
which run over secure socket layer ssl.SSH2 also includes sftp a
secure ftp over ssl.

SSH is a program to log into another computer over a network, to execute
commands in a remote machine, and to move files from one machine to another. It provides
strong authentication and secure communications ssl over insecure channels.
It is intended as a replacement for rlogin, rsh, rcp, rdist and with ssh2 ftp.

In order to make SSH secure it is necessary to set the following
parameters which prevent, among other things, SSH from falling out into clear/unencrypted
mode.

Currently if using pre 1.2.26 versions the best idea is to step up to
1.2.26 which is both forward compatible with SSH 2 and backward compatible with SSH 1
versions.
When all machines are at 1.2.26 you can upgrade to SSH2 which has many new features
including sftp. for more info see http://www.ssh.fi/sshprotocols2/index.html
.

an empty config file should be placed in the users home directory owned by
root and writable only by root. This will force the system wide settings for all
users.

--without-none never allow clear text (unencrypted)
communication in the case where one of the servers has no key.
--without-rsh never allow rshell rhosts as an option when a
server has no key.

The StrictHostKeyChecking option
can be used to prevent logins to machines whose host key is not known or has
changed.
If this flag is set to "yes", ssh ssh
will never automatically add host keys to the /etc/ssh_known_host or
$HOME/.ssh/known_hosts file, and refuses to connect hosts
whose host key has changed. This provides maximum protection against trojan
horse attacks.

RhostsRSAAuthentication when set to yes this
allows ~/.shosts to define keys

May be set to "yes", "nopwd", or
"no".The "nopwd" value disables password-authenticated root
logins."nopwd" and "no" are equivalent unless you have a
.ssh/authorized_keys file in the root home directory.
Root login with RSA authentication when the "command" option has been specified
will be allowed regardless of the value of this setting (which may be useful for taking
remote backups even if root login is normally not allowed.
SSH includes the following important files

/etc/sshd_config /etc/ssh_config
configuration files

~/.ssh/
directory ssh info per user

known_hosts identity identity.pubauthorized_keys hosts and keys

CONFIGURATION FILES

The server has a configuration file /etc/sshd_config, It is explained in the
sshd manual page.

The client reads a configuration file /etc/ssh_config, which gives site-wide
defaults for various options. Options in this file can be overridden by per-user
configuration files. The file is documented on the ssh manual page

Links for information about

Extra Info:

The General WWW home page for ssh is here.(mainly
deals with SSH in the unix environment) It contains an archive of the mailing list, and
detailed information about new releases, mailing lists, and other relevant issues.

Configure SSH on a Solaris box:

For most machines and configurations, the following is all you need ./configure --without-none --without-rshmakemake install

You may also want to create the /etc/ssh_known_hosts for your site and update it
periodically. See the manual page for make-ssh-known-hosts on how to do this easily. The
file format is documented on the sshd manual page

You should also edit /etc/rc.local or equivalent to start sshd at boot

CLIENT SUID ROOT, SERVER RUN AS ROOT

This package installs two programs that need special privileges. Ssh is the client
program, and it is by default installed as suid root, because it needs to create a
privileged port in order to use .rhosts files for authentication. If it is not installed
as suid root, it will still be usable, but .rhosts authentication will not be available.
Also, the private host key file is readable by root only Sshd is the daemon that listens
for connections. It should preferably be run as root, because it is by normally listening
on a privileged port, and it needs to be able to do setuid(), update utmp, chown ptys etc.
when a user logs in. If it is not run as root, explicit "-p port" option must be
given to specify an alternate port (same port must also be specified for clients),
"-h host_key_file_path" must be given to specify an alternate host key file, and
it cannot be used to log in as any other user than the user running it (because it cannot
call setuid()).
Also, if your system uses shadow passwords, password authentication will not work when
running as someone else than root.

Both the server and the client have been carefully screened for possible security
problems, and are believed to be secure. However, there can be no guarantee.

Configure SSH on an NT box:(extra points)

You'll need to create a c:\ssh\etc directory to keep your ssh_config, ssh_host_key, and
ssh_host_key.pub in. You need to generate the keys on your Unix box with ssh-keygen (bug
ssh-keygen doesnt work on NT)

Next, make sure your HOME environment variable is set. On NT, this can be done via the
Control Panel->System.

Create a <HOME>\.ssh directory (don't forget the dot).
Copy(ftp) your identity and identity.pub files in this subdirectory (these
2 files were generated by ssh-keygen on the unix box)

Setting up ssh to work without requiring any passwords

After installing SSH if you need a destination machine to trust the source
machine. Do the following :

.ssh/Identity.pub (public key) of the source machine needs to be appended to the
list of keys in .ssh/authorized_keys on the destination machine.